The bits and pieces of Azure AD B2C
- 1. Welcome to Azure Saturday 2019 Munich 18.05.2019 – Microsoft Munich – azuresaturday.de -- @azuresaturday #AzureSaturday
- 2. The bits and pieces of Azure AD B2C #AzureSaturday Speaker: Anton Staykov 18.05.2019 – Microsoft Munich – azuresaturday.de – @azuresaturday
- 5. SSO OpenID Connect OAuth Federation Client credentials ROPC AuthZ Code STS JWTSSI Token IdP Implicit flow JWKS This Photo by Unknown Author is licensed under CC BY claim on behalf of Device Code
- 6. Term Explanation SSO Single SignOn. Once signed in stay signed in across applications SSI Single Sign In. Use same set of credentials (username+password) across applications. Sign-in every time Claim Assertion about an object issued by a trusted authority Security Token Set of claims, digitally signed, issued by a Security Token Service STS Security Token Service. Issues tokens (does not do token validation) IdP Identity Provider. Reliable and secure store for usernames and passwords. Validates identity upon request OAuth Authorization Framework. IETF Standard: https://tools.ietf.org/html/rfc6749 OpenID Connect Interoperable authentication protocol based on the OAuth 2.0 family of specifications. https://openid.net/connect/faq/ JWT JSON Web Token JWKS JSON Web Key Secret SWT Simple Web Token (XML based security token format) SAML Security Assertion Markup Language. Token format SAML-P Security Assertion Markup Language. Protocol implementation that uses SAML Tokens WS-Federation Microsoft Protocol for SSO. Uses SAML Token format WS-Trust Microsoft Protocol for service identity authentication/authorization Various “flows” Implicit Flow, Client Credentials Flow, Authorization Code Grant Flow, On-Bhalf-Of Flow, Device Code. OAuth flows for obtaining tokens. https://oauth.net/2/
- 9. Apps & APIs Analytics CRM and Marketing Automation Business Social IDs Business & Government IDs contoso Customers Azure Active Directory B2C Provide branded (white-label) registration and login experiences Securely authenticate your customers using their preferred identity provider Capture login, preference, and conversion data for customers
- 10. App developers Sign-in any user. Any identity provider, social or email, consumer and enterprise Customize each pixel. Your brand, your HTML and CSS Use built-in, self-service, user journeys or define custom ones Scale to 100s of millions of users, enterprise ready, secure, cost effective Use social accounts Create custom user attributes Customize your pages using HTML and CSS Protect your users with MFA </> for App Developers JavaScript
- 11. Step-by- step user journeys Open standards Connect to a store or migrate its users Conditional branching Enrich user journeys Connect with existing systems for Identity Experts Identity Experts Integrate with any SAML, OIDC, WsFed, or WsTrust-based identity provider Connect to your existing user stores or migrate from those systems seamlessly Connect with existing CRM systems, marketing tools, and databases Use REST APIs to enrich claims and empower user journeys Customize your user journeys with conditional branching Define user journeys between claims providers step-by-step
- 13. =
- 14. … MS Graph =
- 15. Preconditions
- 17. =
- 18. Continual Innovation! Generally available Public Preview Coming soon